OVH suffers 1.1Tbps DDoS attack

An internet hosting company has been the subject of distributed denial of service attacks the likes of which the world has never seen

Hosting company OVH has been subject to the biggest DDoS attack known to date, with peaks of over 1 Tbps of traffic.

Over the past week, the company has been subjected to an attack greater than the one suffered by Krebs on Security.

The attack led to company founder and CTO Octave Klaba tweeting, “last days, we got lot of huge DDoS. Here, the list of ‘bigger that 100Gbps’ only. You can see the simultaneous DDoS are close to 1Tbps!”

Klaba also shared a screenshot of the multiple attacks on OVH's infrastructure that, when added together, produced the 1Tbps directed at the company. The biggest single attack was documented at 799Gbps.

The OVH founder said that the attack had been mounted using IoT devices, including hacked CCTV cameras and personal video recorders. “This botnet with 145607 cameras/dvr (1-30Mbps per IP) is able to send >1.5Tbps DDoS. Type: tcp/ack, tcp/ack+psh, tcp/syn,” he tweeted.

At the beginning of the month, OVH confirmed that it had been hit by a 150Gbps DoS attack originating from Telefonica’s network.

Despite the eventual failure of the attack, its size raises questions about what would happen if it were directed at a much smaller host.

Richard Meeus, technical director EMEA at NSFOCUS, told SCMagazineUK.com that “DDOS attacks have always been growing over the last 10 years and this leveraging of IoT devices is only going to exacerbate the issue.”

“Only a few years ago, the only devices in your home were your laptops, tablets and phones – now add smart fridges, thermostats, DVRs, security cameras and even light bulbs,” he said.

“This increase in devices, that are running cut-down versions of standard operating systems, are made to be very simple for anyone to use. Unfortunately, this often means trading security for instant out-of-the-box satisfaction and thus passwords are left at default or communication is left unencrypted. This means that hackers can gain access and load DDOS tools onto the devices, and you are now a member of a botnet.”

Craig Parkin, associate partner at Citihub Consulting, told SC that firms need to protect against all types of DDOS.

“The use here of compromised CCTV cameras is just another way of forming the botnet that does the attacking. It now looks like IoT devices are forming a larger part of the botnet,” he said.

“The use of CCTV cameras has exploded recently in the consumer market, whereas previously, these cameras might have been maintained and installed professionally as they are now on home networks sharing a physical network and likely remaining unpatched and directly exposed to the internet. It’s a problem that will only get worse.”